Hi Simon:

I am glad you brought up this issue because I am NOT using OpenSSL. Further, investigation is needed to determine if my environment can support ssh-agent. However, the security issue you mentioned is very valid and difficult. How do you recommend protecting private keys in an automated environment?

Best Regards, Paul R.

Simon Josefsson wrote:

> Paul Romero <pa...@rcom-software.com> writes:
>
> > Dear Group:
> >
> > I previously posted this problem to the libcurl group and after
> > considering it, think it might actually be a libssh2 problem.
> >
> > The general problem is that if my private key is encrypted--with
> > a passphrase, I can't complete authentication with the SSH
> > server using libssh.
>
> Are you using libgcrypt or OpenSSL as the backend? The libgcrypt
> backend can only read unencrypted private keys.
>
> Encrypted or not, having the private key in the same process as libssh2
> code is likely a bad idea for security -- so I suggest that you use the
> agent interface to move public/private key handling to a separate
> process. Then you can support any kind of private key (GnuTLS has code
> to decrypt encrypted private keys).
>
> /Simon
> _______________________________________________
> libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel

--
Paul Romero
RCOM Communications Software
Phone/Fax: (510)339-2628
E-Mail: pa...@rcom-software.com
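
The process separation Simon describes shows up in what the agent sends back to a client: a reply to SSH_AGENTC_REQUEST_IDENTITIES carries only public key blobs and comments. The parser below is an added example, not code from this thread or from libssh2; the function name `agent_parse_identities` and the sample bytes (with a placeholder blob) are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SSH_AGENT_IDENTITIES_ANSWER 12  /* reply to SSH_AGENTC_REQUEST_IDENTITIES (11) */

/* Constructed sample reply: one identity, blob "key" (placeholder), comment "demo". */
static const uint8_t SAMPLE_REPLY[] = {
    0, 0, 0, 20, SSH_AGENT_IDENTITIES_ANSWER, 0, 0, 0, 1,
    0, 0, 0, 3, 'k', 'e', 'y', 0, 0, 0, 4, 'd', 'e', 'm', 'o' };

/* Read a big-endian uint32 at *off; the caller keeps *off <= len. */
static int get_u32(const uint8_t *b, size_t len, size_t *off, uint32_t *out) {
    if (len - *off < 4) return -1;
    const uint8_t *p = b + *off;
    *out = (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
    *off += 4;
    return 0;
}

/* Read a length-prefixed string without copying; rejects lengths past the buffer. */
static int get_string(const uint8_t *b, size_t len, size_t *off, const uint8_t **s, uint32_t *n) {
    if (get_u32(b, len, off, n) < 0 || *n > len - *off) return -1;
    *s = b + *off;
    *off += *n;
    return 0;
}

/* Returns the identity count, or -1 if malformed; copies the first key's comment out. */
int agent_parse_identities(const uint8_t *msg, size_t len, char *comment, size_t cap) {
    size_t off = 0; uint32_t body, nkeys, n; const uint8_t *s;
    if (get_u32(msg, len, &off, &body) < 0 || body < 5 || body != len - off) return -1;
    if (msg[off++] != SSH_AGENT_IDENTITIES_ANSWER) return -1;
    if (get_u32(msg, len, &off, &nkeys) < 0) return -1;
    for (uint32_t i = 0; i < nkeys; i++) {
        if (get_string(msg, len, &off, &s, &n) < 0) return -1;   /* public key blob */
        if (get_string(msg, len, &off, &s, &n) < 0) return -1;   /* comment */
        if (i == 0 && cap > 0) {
            size_t c = n < cap - 1 ? n : cap - 1;
            memcpy(comment, s, c);
            comment[c] = '\0';
        }
    }
    return off == len ? (int)nkeys : -1;   /* trailing bytes mean a malformed reply */
}

int main(void) {
    char comment[32] = "";
    int n = agent_parse_identities(SAMPLE_REPLY, sizeof SAMPLE_REPLY, comment, sizeof comment);
    printf("%d identity, comment \"%s\"\n", n, comment);
    return 0;
}
```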